CVE search results

1 – 10 of 21 results

Detailed view

Sort by:

CVE-2026-33748

Medium priority

Needs evaluation

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to...

2 affected packages

docker.io, docker.io-app

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
docker.io	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
docker.io-app	—	Needs evaluation	Needs evaluation	Needs evaluation	—

CVE-2026-33747

Medium priority

Needs evaluation

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that...

2 affected packages

docker.io, docker.io-app

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
docker.io	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
docker.io-app	—	Needs evaluation	Needs evaluation	Needs evaluation	—

CVE-2026-33990

Medium priority

Needs evaluation

Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a...

2 affected packages

docker.io, docker.io-app

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
docker.io	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
docker.io-app	—	Needs evaluation	Needs evaluation	Needs evaluation	—

CVE-2026-34040

Medium priority

Needs evaluation

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

2 affected packages

docker.io, docker.io-app

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
docker.io	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
docker.io-app	—	Needs evaluation	Needs evaluation	Needs evaluation	—

CVE-2026-33997

Medium priority

Needs evaluation

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's...

2 affected packages

docker.io, docker.io-app

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
docker.io	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
docker.io-app	—	Needs evaluation	Needs evaluation	Needs evaluation	—

CVE-2025-54410

Medium priority

Needs evaluation

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases...

2 affected packages

docker.io, docker.io-app

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
docker.io	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
docker.io-app	—	Needs evaluation	Needs evaluation	Needs evaluation	—

CVE-2025-54388

Medium priority

Vulnerable

2 affected packages

docker.io, docker.io-app

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
docker.io	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
docker.io-app	Vulnerable	Vulnerable	Vulnerable	Not affected	—

CVE-2024-36623

Medium priority

Some fixes available 7 of 11

moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.

2 affected packages

docker.io, docker.io-app

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
docker.io	—	Fixed	Fixed	Fixed	Fixed
docker.io-app	—	Fixed	Fixed	Fixed	—

CVE-2024-36621

Medium priority

Some fixes available 7 of 12

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.

2 affected packages

docker.io, docker.io-app

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
docker.io	—	Fixed	Fixed	Fixed	Fixed
docker.io-app	—	Fixed	Fixed	Fixed	—

CVE-2024-41110

High priority

Some fixes available 11 of 12

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ)...

2 affected packages

docker.io, docker.io-app

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
docker.io	—	Fixed	Fixed	Fixed	Fixed
docker.io-app	—	Fixed	Fixed	Fixed	—

Export to JSON

Results by page:

Search CVE reports